xorstr-security

Bypass string detection by Flare-floss

Design Background

The xorstr technique has been thoroughly compromised by several open-source tools, including Flare-floss and my own open-source tool AntiXorstr. These detection tools quickly and efficiently recover the original strings from binary samples. This project was designed to counter these detection methods, Flare-floss in particular.

Overview

This project implements two bypass techniques, xorstr_s and xorstr_h, which are based on different principles.

xorstr_s

| types                        | status |
|------------------------------|--------|
| Flare-floss static strings   | bypass |
| Flare-floss stack strings    | bypass |
| Flare-floss tight strings    | bypass |
| Flare-floss decoded strings  | /      |

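Testing demo

// Enc() is this project's string-encryption macro; include the project's header before this code.
#include <cstdio>
#include <cwchar>
#include <iostream>

void test()
{
    // Narrow and wide literals passed to the C stdio functions
    printf(Enc("Samsung\n"));
    wprintf(Enc(L"Apple\n"));
    printf(Enc("Xiaomi\n"));
    wprintf(Enc(L"Oppo Group\n"));
    printf(Enc("vivo\n"));
    wprintf(Enc(L"Transsion\n"));

    // Narrow and wide literals passed to the C++ streams
    std::cout << Enc("Honor") << std::endl;
    std::wcout << Enc(L"Realme") << std::endl;
    std::cout << Enc("Motorola") << std::endl;
    std::wcout << Enc(L"Huawei") << std::endl;
    std::cout << Enc("Others") << std::endl;
}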

Test result: the STACK and TIGHT modes are bypassed; the DECODED mode restored part of the strings.

 ─────────────────────
  FLOSS STACK STRINGS
 ─────────────────────

 ─────────────────────
  FLOSS TIGHT STRINGS
 ─────────────────────

 ───────────────────────
  FLOSS DECODED STRINGS
 ───────────────────────
Samsung
Apple
Xiaomi
Oppo Group
vivo
Transsion
Honor

xorstr_h

| types                        | status |
|------------------------------|--------|
| Flare-floss static strings   | bypass |
| Flare-floss stack strings    | bypass |
| Flare-floss tight strings    | bypass |
| Flare-floss decoded strings  | bypass |

Test result: the demo is the same as for xorstr_s; all modes are bypassed.

 FLOSS STACK STRINGS
 ─────────────────────
o]QOIR[6<
}<L<L<P<Y<6<<<
dU]SQU6<
s<L<L<S<
<{<N<S<I<L<6<<<
JUJS6
h<N<]<R<O<O<U<S<R<6<<<
tSRSN
n<Y<]<P<Q<Y<<<
qSHSNSP]<
t<I<]<K<Y<U<<<
sHTYNO<

 ─────────────────────
  FLOSS TIGHT STRINGS
 ─────────────────────

 ───────────────────────
  FLOSS DECODED STRINGS
 ───────────────────────
o]QOIR[6<
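
An analyst-side follow-up to the xorstr_h result above, added here as an example and not part of the project's code: it takes the FLOSS stack-string lines shown there (embedded as constructed input), tries every single-byte XOR key, and keeps the key whose output contains the most letters, spaces, newlines and NULs. The function names and the scoring rule are assumptions of this example.

```python
import string

# Constructed input: the FLOSS stack-string lines copied from the xorstr_h result above.
FLOSS_STACK_STRINGS = [
    "o]QOIR[6<",
    "}<L<L<P<Y<6<<<",
    "dU]SQU6<",
    "s<L<L<S<",
    "<{<N<S<I<L<6<<<",
    "JUJS6",
    "h<N<]<R<O<O<U<S<R<6<<<",
    "tSRSN",
    "n<Y<]<P<Q<Y<<<",
    "qSHSNSP]<",
    "t<I<]<K<Y<U<<<",
    "sHTYNO<",
]

# Bytes expected in decoded C strings: letters, space, newline, NUL terminator/padding.
PLAUSIBLE = set(string.ascii_letters.encode()) | set(b" \n\x00")


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def guess_key(lines):
    """Return the single-byte key whose decoding has the most plausible bytes."""
    blob = "".join(lines).encode("latin-1")
    return max(range(1, 256),
               key=lambda k: sum(b in PLAUSIBLE for b in xor_bytes(blob, k)))


def decode(line, key):
    """XOR one recovered string and drop NULs (terminators and UTF-16LE high bytes)."""
    raw = xor_bytes(line.encode("latin-1"), key)
    return raw.replace(b"\x00", b"").decode("latin-1")


def recover(lines):
    key = guess_key(lines)
    return key, [decode(line, key) for line in lines]


if __name__ == "__main__":
    key, plain = recover(FLOSS_STACK_STRINGS)
    print(f"key=0x{key:02x}")
    for enc, dec in zip(FLOSS_STACK_STRINGS, plain):
        print(f"{enc!r:28} -> {dec!r}")
```

On these lines the selected key is 0x3c and the decoded output is the demo's string list; "Oppo Group" arrives as two fragments because the XORed space is not a printable byte.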

Analysis Article

Chinese: https://bbs.kanxue.com/thread-279309.htm

Contributors: lstaroth
